Search Results (1806 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-38482 1 Mega 1 Hopex 2025-05-30 4.3 Medium
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.
CVE-2025-22387 1 Optimizely 1 Configured Commerce 2025-05-21 7.5 High
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.
CVE-2022-38699 1 Asus 1 Armoury Crate Service 2025-05-21 5.9 Medium
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
CVE-2019-1053 1 Microsoft 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more 2025-05-20 6.3 Medium
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the victim system. The security update addresses the vulnerability by correctly validating folder shortcuts.
CVE-2019-0986 1 Microsoft 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more 2025-05-20 6.3 Medium
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks.
CVE-2024-38884 1 Horizoncloud 1 Caterease 2025-05-13 7.8 High
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms
CVE-2024-8404 1 Papercut 2 Papercut Mf, Papercut Ng 2025-05-13 7.8 High
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Update: This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin. Note: This CVE has been split from CVE-2024-3037.
CVE-2025-3224 1 Docker 1 Desktop 2025-05-10 7.8 High
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
CVE-2022-31256 1 Opensuse 1 Factory 2025-05-09 7.7 High
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
CVE-2024-21355 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-09 7 High
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2022-32905 1 Apple 1 Macos 2025-05-06 7.8 High
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges.
CVE-2023-2939 2 Google, Microsoft 2 Chrome, Windows 2025-05-05 7.8 High
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
CVE-2024-20686 1 Microsoft 1 Windows Server 2022 23h2 2025-05-03 7.8 High
Win32k Elevation of Privilege Vulnerability
CVE-2024-20656 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2025-05-03 7.8 High
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-21405 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-05-03 7 High
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21397 1 Microsoft 1 Azure File Sync 2025-05-03 5.3 Medium
Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVE-2024-21329 1 Microsoft 1 Azure Connected Machine Agent 2025-05-03 7.3 High
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-28916 1 Microsoft 1 Xbox Gaming Services 2025-05-03 8.8 High
Xbox Gaming Services Elevation of Privilege Vulnerability
CVE-2024-21432 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-03 7 High
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-26199 1 Microsoft 1 365 Apps 2025-05-03 7.8 High
Microsoft Office Elevation of Privilege Vulnerability